Related Vulnerabilities: CVE-2020-35605  

The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message.

Severity Medium

Remote No

Type Arbitrary command execution

Description

The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message.

AVG-1378 kitty 0.19.2-2 0.19.3-1 Medium Fixed

https://github.com/kovidgoyal/kitty/issues/3128
https://github.com/kovidgoyal/kitty/commit/82c137878c2b99100a3cdc1c0f0efea069313901